Diffstat (limited to 'mod/search')
-rw-r--r--mod/search/index.php34
-rw-r--r--mod/search/start.php3
2 files changed, 18 insertions, 19 deletions
diff --git a/mod/search/index.php b/mod/search/index.php
index 2927e6616..d62e3be72 100644
--- a/mod/search/index.php
+++ b/mod/search/index.php
@@ -37,14 +37,14 @@ $custom_types = trigger_plugin_hook('search_types', 'get_types', $params, array(
// add submenu items for all and native types
// @todo should these maintain any existing type / subtype filters or reset?
-$data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_subtype' => urlencode($subtype),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+$data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_subtype' => $subtype,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
'search_type' => 'all',
'friends' => $friends
-));
+)));
$url = "{$CONFIG->wwwroot}pg/search/?$data";
add_submenu_item(elgg_echo('all'), $url);
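Review bot: `htmlspecialchars()` is applied where the query string is built, so `$url` already holds HTML-encoded `&amp;` separators when it is handed to `add_submenu_item()`. If that function or its view escapes the URL again, or the value is ever used outside an HTML attribute (a redirect, for instance), the separators will be wrong; escaping at the point of output is the safer convention, and whether the submenu view escapes is not visible in this hunk. Separately, `http_build_query()` takes its separator from the `arg_separator.output` ini setting, so on a host configured with `&amp;` the result would be double-encoded; passing it explicitly, `http_build_query($params, '', '&')`, removes that dependency. The same applies to the two hunks inside the `foreach` below.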
@@ -54,14 +54,14 @@ foreach ($types as $type => $subtypes) {
foreach ($subtypes as $subtype) {
$label = "item:$type:$subtype";
- $data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_subtype' => urlencode($subtype),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+ $data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_subtype' => $subtype,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
'search_type' => 'entities',
'friends' => $friends
- ));
+ )));
$url = "{$CONFIG->wwwroot}pg/search/?$data";
@@ -70,13 +70,13 @@ foreach ($types as $type => $subtypes) {
} else {
$label = "item:$type";
- $data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+ $data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
'search_type' => 'entities',
'friends' => $friends
- ));
+ )));
$url = "{$CONFIG->wwwroot}pg/search/?$data";
diff --git a/mod/search/start.php b/mod/search/start.php
index 14299b7c6..314aa4710 100644
--- a/mod/search/start.php
+++ b/mod/search/start.php
@@ -88,7 +88,7 @@ function search_page_handler($page) {
*/
function search_get_highlighted_relevant_substrings($haystack, $needle, $min_match_context = 15, $max_length = 500) {
global $CONFIG;
- $haystack = urldecode(strip_tags($haystack));
+ $haystack = strip_tags($haystack);
$haystack_lc = strtolower($haystack);
//
// $haystack = "Like merge sort, quicksort can also be easily parallelized due to its "
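Review bot: `strip_tags()` is now the only treatment of `$haystack` visible here, and it removes tags without encoding `&`, quotes or a stray `<`, so the remaining text is not HTML-safe by itself. The function name suggests it returns highlighted markup, so unless it already happens further down, the context and matched substrings should go through `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')` before the highlight tags are wrapped around them; the body continues outside this hunk. A short comment on the new line would also record why the decode was dropped, e.g. `// no urldecode(): decoding after strip_tags() can turn %-encoded input back into markup`.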
@@ -100,7 +100,6 @@ function search_get_highlighted_relevant_substrings($haystack, $needle, $min_mat
// for now don't worry about "s or boolean operators
$needle = str_replace(array('"', '-', '+', '~'), '', stripslashes(strip_tags($needle)));
- $needle = urldecode($needle);
$words = explode(' ', $needle);
$min_chars = $CONFIG->search_info['min_chars'];